Barney's Blog

Mailbag: Cautionary Scareware Tales

Have you been hit by scareware? These readers share your pain. As promised, here
are their stories about how they got hit, and how they dealt with the problem:

We're a non-profit providing low-cost computers to low-income disabled
and low-income seniors. The majority of our clientele are new to computers,
and when presented with a big warning in large letters, they will click "Fix
it!" This is a real problem, since our people have no clue as to how
to remove the infection (and I've done it and it isn't easy or quick). What
a pain!
-Paul

I just finished a full factory restore on a friend's laptop because he
clicked on a pop-up for Antivirus 2008. This "free" virus checker
completely trashed his machine. Luckily, I was able to save most of his documents
prior to the machine becoming completely unusable.
-Ron

I am an IT pro, have been for 30 years. There is a lot to be said for
the old dumb terminals that did not have Internet! Since Aug. 1, we have had
15-plus machines get the Antivirus 2008 or some variant thereof at work, and
at least that many employees' personal home machines, which has earned me
some additional pocket money.

But my own personal machines at home (two) also got it -- the first thanks
to one of my daughters, and the second I have to take the blame for. And before
I found a great tool for removal, I spent days trying to clean them up. In
fact, for the one my daughter did, I accidentally deleted some files in the
Windows folder that from that point prevented me from logging back into the
machine, period. I had to change hard drives and make the original C drive
D to be able to back up the 75GB of stuff she had on it. Another week of restoring
and re-installing, and she was back up. Lawsuit is not punishment enough --
these companies should be tarred and feathered!
-Harry

One of our office machines was playing music from the Internet through
Media Player and a window popped up declaring, "You have been infected
with horrible Trojans, you need to download this now." Thankfully, I
was there and they asked me what was going on. I found out that this was that
bogus Antivirus 2009 that has been showing up in various places. What really
surprised me was that this site not only showed up as an advertisement on
the site Media Player was pointed to, but was a sponsored site on Google and
Yahoo and probably other search engines. I am truly amazed that these search
sites don't screen their advertisers better than this. Apparently, these scammers
are willing to pay to appear on search engines because we are gullible and
will fall into their trap.

The other thing that surprised me was that even while I was telling the user
that this was bogus, they kept saying, "It looks so official, so genuine."
I pointed out that they would hardly make it look fake if they really want
to fool people, and they still kept saying, "It looks so real."
Yes, it does.
-Anonymous

I'm there right now with a PC hit by scareware. Our HR manager brought
in his home laptop and he swears he only visited the GA Bulldog Web site.
The laptop has been taken over by one of those "Your PC is infected"
scams. It's infected, all right! I'm at the point now where the only recourse
is to erase the hard drive. I hope there will be teeth in whatever is done
to go after these companies!
-Buz

XP anti-spam, or something similar, got onto my daughter's computer. I
used Symantec's eradication instructions, but it took days of effort, and
I learned more about the registry than I wanted to know.
-Bill

I had a situation recently where my son got attacked by one of these programs.
I did eventually fix it, but it took three days, a lot of investigation and
a copy of bootable Linux to get to the root of the problem. It was almost
as bad as a rootkit to get rid of. Normally, I would probably have just reformatted
the hard drive and reinstalled, but I was bound and determined that some punk
was not going to get the best of me. Since then, I have heard of a number
of other people infected with this crap, and I just wish I would have documented
what I had to do to fix it and post the fix on the Web. Maybe next time.
-Rusty

One of our employees approached me and said his home computer had gotten
some type of virus and had become unusable. Being the compassionate IT manager
that I am, I told him to bring it in. When I turned it on and booted it up,
I could not do anything but stare in disbelief, and then laugh. Basically,
his background wallpaper was red with a virus symbol and the words "You
have a virus" or something to that effect. A pop-up box with a bogus
scan started running and messages started popping up everywhere saying all
types of virus and spyware were detected. I watched amused as Norton AntiVirus
helplessly tried to get things under control, but it was way out of its league
and was probably making things worse. I could not click or open anything except
a dialog box that popped up saying that I needed to buy the full version of
Vista Antivirus 2008 to fix the problem.

Apparently, while he was surfing the Web he came upon a site that popped
up a dialog box that would "scan his computer for free" for viruses
and spyware. My solution for him? Boot from the XP CD, stay away from questionable
Web sites and do not click on links that promise to clean your PC. Well, you
can guess...the rest is history.
-Asif

I am a division chief with a south Chicago suburb fire department and
also the IT manager for the same municipality. I have had about 30 PCs that
have been infected by these seemingly legitimate pop-ups. I advise my users
to just pull the power plug when one appears, no matter what they're doing.
For the unfortunate ones that didn't, or just clicked the "X" in
the top-right corner, they paid the ultimate data processing price. Their
hard drives went to alphabet heaven. A few were recovered by purchasing other
anti-virus software and these actually did clean up the mess. Most weren't
so lucky. The impact of this is that a lot of these firefighters have had
to use their personal PCs for training. Hours and hours of PowerPoint presentations,
movies and lessons that firefighters and paramedics use went up in smoke.

The problem with this latest round of "You're infected" pop-ups
is that they have the look and feel of a real Microsoft window. When a virus
takes on the look and feel of an operating system, the average user is not
going to have the tools to decide between "Oh, this one is real"
and "Uh-oh...yank the plug." Microsoft and the DAs of the states
-- if not at the federal and international level -- should hunt these authors
down and prosecute them fully with felony charges.
-Tom

Got a comment of your own you'd like to share? Let us know! Leave a comment
below or send an e-mail to dbarney@redmondmag.com.